This question came from our site for professional and enthusiast programmers. Votes, comments, and answers are locked due to the question being closed here, but it may be eligible for editing and reopening on the site where it originated.

Many good questions generate some degree of opinion based on expert experience, but answers to this question will tend to be almost entirely based on opinions, rather than facts, references, or specific expertise.
If this question can be reworded to fit the rules in the help center, please edit the question.

9 Answers
9

I would use Scapy for your presentation. Scapy is python, so people in the audience are likely to know the language, and if they don't, they can probably read it if they know other languages.

More importantly, Scapy would be particularity good because you can craft packets layer by layer (OSI layers) so it will be easy to tie your examples conceptually to the explanations. See the first link in the slides section of Scapy link above for an example of how well this tool can fit with presentations.

Also, since it is a multipurpose tool, you can demonstrate both sniffing ( like wireshark ) and packet crafting.

insecure.org has held a couple of polls on network security tools. The results are maintained at http://sectools.org/ and give details and locations of a range of popular, widely-used tools. Rather than just listing names it gives some background as to why the tools are used.

Do bear in mind that the use (or even the downloading or possession?) of such tools may be illegal or contrary to the AUP (acceptable usage policy) of hosts or networks over which the tools are used.

In addition to mas' comment about insecure.org, you might try out securityfocus.com - they've got a list of tools, too.

But, more than that, what are you really trying to do? There are many, many security tools, and each does something different. Do you want tools to benchmark the security of a system, or to meet a benchmark? If so, you might try NIST's FDCC ( http://nvd.nist.gov/fdcc/index.cfm ). Are you trying to check the security of Unix passwords? Jack The Ripper is an oldie. What about Windows passwords? Then you'd want l0phtcrack. Or if you are testing the security of a web application, you would want a scanner like WebInspect or Cenzic Hailstrom - or you might use a proxy like Google's Ratproxy or OWASP's WebScarapb or Burp Proxy (not sure who offers that one). Are you trying to scan a whole machine - or a whole network - and see what's on, and what's got vulnerabilities? Nessus and NMap are good for that.

If you can narrow down your question a bit, people in the know can offer better suggestions.